Firewall Wizards mailing list archives

Re: Re: Flawed Surveys [was: VPN endpoints]


From: Crispin Cowan <crispin () immunix com>
Date: Fri, 03 Sep 2004 11:37:02 -0700

Paul D. Robertson wrote:

On Wed, 1 Sep 2004, Stailey, Mike wrote:
Mike - In CA all public companies must disclose any security breaches.
Also, we now have the Sarbanes/Oxley act for publicly held companies.
Yes, it's got a long way to go but like in Paul's prior posts - it's
definitely a start in the right direction.

Anyway, that's my story and I'm sticking to it...

Isn't it bad though, that these regulations are coming from outside of our
field?  Shouldn't we be the ones lobbying and drafting and providing
guidance?

It is unfortunate. However, it is my perception that HIPAA and Sarbanes/Oxley were primarily created to regulate human misbehaviors (HIPAA: med staff leaking celebrity med data to the National Enquirer, SB: Enron/WorldCom/Tyco) and the computer regulations are not for computer best practices per se, but rather just the consequent requirements for computer systems to support the goals of HIPAA and SB.

As such, there is *lots* of room left for regulation of computing practices. For good or bad :)

Crispin

--
Crispin Cowan, Ph.D.  http://immunix.com/~crispin/
CTO, Immunix          http://immunix.com
